Just one day after disclosing a secret court order between the National Security Agency (NSA) and Verizon, The Guardian and The Washington Post both published secret presentation slides revealing a previously undisclosed massive surveillance program called PRISM. The program has the capability to collect data “directly from the servers” of major American tech companies, including Microsoft, Google, Apple, Facebook, and Yahoo. (Dropbox is said to be “coming soon.”)

The newspapers describe the system as giving the National Security Agency and the FBI direct access to a huge number of online commercial services, capable of “extracting audio, video, photographs, e-mails, documents, and connection logs that enable analysts to track a person’s movements and contacts over time.”

Since the news broke, Apple, Google, and Facebook have all gone on the record. Apple told CNBC that it never heard of PRISM and did not grant the government such access and echoed the same sentiment to the Wall Street Journal. Facebook told The Next Web that it also does not provide federal authorities with direct access to its servers, and Google told the site that it ”does not have a ‘back door’ for the government to access private user data.” It continued in a statement, "Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully."

Ars has reached out to Apple, Yahoo, and Paltalk over e-mail for comment but did not hear back at the time of publication. A Google spokesperson—when asked if the company had heard of or participated in the PRISM program—responded with the same statement given to The Next Web.

"We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM," a Dropbox spokesperson told Ars. "We are not part of any such program and remain committed to protecting our users’ privacy."

"Protecting the privacy of our users and their data is a top priority for Facebook. We do not provide any government organization with direct access to Facebook servers," Facebook wrote to Ars. "When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law."

"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis," a Microsoft spokesperson responded. "In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it."

"We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers," AOL said in a statement Friday.

Kurt Opsahl, a staff attorney at the Electronic Frontier Foundation, says that these denials may not be very significant.

"Whether they know the code name PRISM, they probably don't," he told Ars. "[Code names are] not routinely shared outside the agency. Saying they've never heard of PRISM doesn't mean much. Generally what we've seen when there have been revelations is something like: 'we can't comment on matters of national security.' The tech companies' responses are unusual in that they're not saying 'we can't comment.' They're designed to give the impression that they're not participating in this."

Over five years of data

According to The Washington Post and The Guardian, PRISM began with Microsoft being the first company to cooperate with the government’s secret digital dragnet—on September 11, 2007. Apple is alleged to be the most recent collaborator, beginning in October 2012. The reports state that companies are given immunity from federal prosecution in exchange for opening access to their servers to the FBI’s Data Intercept Technology Unit.

The FBI did not immediately respond to Ars’ request for comment. The Post said that government officials “declined to comment for this story.”

As the Post describes the program:

From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected US content for a quarterly report, “but it’s nothing to worry about.”

Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from Kevin Bacon.

Meanwhile, The Guardian quoted from other slides that have yet to be published.

The presentation ... noted that the US has a "home field advantage" due to housing much of the Internet's architecture. But the presentation claimed "FISA [Forgeign Intelligence Surveillance Act] constraints restricted our 'home field advantage'" because FISA required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

"FISA was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a FISA Court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the Government was collecting off a wire in the United States. There were too many e-mail accounts to be practical to seek FISAs for all."

The new measures introduced in the FAA redefine "electronic surveillance" to exclude anyone "reasonably believed" to be outside the US—a technical change which reduces the bar to initiating surveillance.

The British newspaper also mentioned that the government “boasts” of a rapid increase in the use of PRISM to obtain communications, noting that requests for Skype capture rose by 248 percent in 2012, 131 percent for Facebook, and 63 percent for Google. When the NSA finds something that it believes is worth investigating further, it issues a “report." “According to the NSA, ‘over 2,000 PRISM-based reports’ are now issued every month. There were 24,005 in 2012, a 27 percent increase on the previous year.”

The Post describes the source who sent the slides as a "career intelligence officer" who had firsthand experience with PRISM and expressed "horror" at what it could do. "They quite literally can watch your ideas form as you type," the officer said.

Update: James Clapper, the Director of National Intelligence released a statement on the program, saying that it did not try to target US citizens: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any U.S. citizen or of any person located within the United States,” the statement said. “The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons."

A New York Times source also confirmed the existence of PRISM, but downplayed its effects on Americans, saying that "it minimizes the collection and retention of information 'incidentally acquired' about Americans and permanent residents."

338 Reader Comments

EDIT: An important piece to note: "PRISM" refers to the fiber-optic splitters used to literally duplicate data streams. I think that PRISM probably refers to just the data collection project, or the name of the software portal/tools used to access the data, rather than the overall code-name of the project itself. That's what I get for thinking I'd found some sort of connection and rushing to post in excitement. Original source: http://seattletimes.com/html/politics/2 ... ing08.html

This means that the data is being collected in "raw" format at the ISP level, and either cached, or immediately redirected off-site to an NSA-controlled datacenter like the new one in Utah.

A key point this makes is that when Google, Apple, et al said today that they "didn't know", they might not have been lying, since data collection at the ISP level requires no complicit tagging of traffic by the application developers themselves.

I wondered whether the intercept method was software (backdoors) or hardware (direct intercept) - it seems we now have the answer: if you use internet service in the U.S., or if your traffic flows through it, it's likely already being peeped.

This also negates the effectiveness of projects like Tor - anonymizing your IP does little unless you're also directly encrypting your data. EDITED to add: Yeah, Tor is encrypted at multiple nodes, but it's still exploitable since "anyone" can set themselves up as a Tor exit node.

EDIT: One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself. This was incorrect - my apologies - I misunderstood the method by which a Truecrypt volume is updated. Thanks to lordlimecat for pointing that out.

However, a Republican administration would do exactly the same thing (and, I'll bet the record shows, started it).

I'm happy that someone (I don't care who, or why) is shining a light on this stuff. It probably won't affect the elections (too far away, and Americans have the attention span of an ADHD gnat), but it will definitely get folks thinking about the fact that some spooks now know they surf for dwarf pr0n, so privacy will become important.

By the time the next administration comes in (whoever it is), I'm hoping that their spooks will be under a great deal more scrutiny.

We can actually thank the AP land grab for this. There was a statement that Twain once made: "Never pick a fight with people who buy ink by the barrel."

I have always assumed that all my electronic communications are being monitored, or at least that they easily could be (I'm not a very interesting monitoring subject), without my consent. Whether it is legal or not doesn't really enter into it...by using the internet, phones, etc. you are trusting random strangers with your information; you should always assume that some of those strangers don't have your best interests at heart.

Most of you will have relatives that fought and died to fight the evil of fascism in the Second World War. What was that all about, if you are just allowing the same thing on your own doorstep by stealth?

Don't tell me about Godwin's Law, that's just a way to stifle debate. Call out this fascism for what it is. This is beyond the wildest dreams of the STASI or Stalin, because they didn't have the technology.

The NSA and the CIA are rogue states within the state, they are beyond control and are not acting for you, or in your best interests. This should upset you.

If there are not huge, mass protests on the streets of your state capitols all over the nation in the coming weeks, you should be ashamed of yourselves. The Orwellian state is not inevitable, but it takes actual action to stop this. Cynical tut-tutting will not do. This has to be shut down now, and proper protest is what it's going to take. Over to you.

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself..

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself..

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself..

However it is quite an extrapolation to think that the hibernate file is somehow then passed across the internet.

Then again, if the FBI can get into Google I don't see why they can't get into wherever your truecrypt cloud provider is to access the memory and do decryption. Of course they would obviously need a serious reason to go to these lengths.

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself.

If that were the case, Truecrypt would already be worthless, because someone could image your drive, let you work on it, make another image, and compare the two.

Luckily, thats not how encryption works, and the attack you describe cant be generalized without knowing a lot more about how things are encrypted. You appear to be describing a "Known-Plaintext attack", which Wikipedia notes modern encryption schemes (such as AES) are not vulnerable to.http://en.wikipedia.org/wiki/Known-plaintext_attack

Truecrypt is only "vulnerable" if you use crappy keys, or a crappy encryption algorithm (DES or something), or if you get keylogged.

Quote:

I think he is extrapolating upon this recent chink in TreuCrypt's armor:

Thats a pretty specific (and long-known) "flaw" that relies on hibernating your system when the volume is open. If you can think of a scenario where a computer is hibernated and yet somehow transmitting its hibernate file over the internet, I would be impressed.

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself.

If that were the case, Truecrypt would already be worthless, because someone could image your drive, let you work on it, make another image, and compare the two.

Luckily, thats not how encryption works, and the attack you describe cant be generalized without knowing a lot more about how things are encrypted. You appear to be describing a "Known-Plaintext attack", which Wikipedia notes modern encryption schemes (such as AES) are not vulnerable to.http://en.wikipedia.org/wiki/Known-plaintext_attack

Truecrypt is only "vulnerable" if you use crappy keys, or a crappy encryption algorithm (DES or something), or if you get keylogged.

Two comparisons aren't enough - tens, hundreds, thousands? Probably enough. I'm talking about a Truecrypt volume stored on iCloud or Google Drive - each time you update it, if that traffic is peeped, you can conceivably build a picture of the bit-by-bit differences in the volume itself and thereby compromise it. Am I capable of doing that? No: however, the method is recognized.

I was wondnering when ARS would publish this story. It's been on every website and news program all day long. It's old news to me now guys. Have you seen the slide show and diagrams, detailing the governments connections to these various entities which even show the data speeds of the circuits. Or their new data-mining building currently under contruction. A new billion dollar facility where all the e-mails, audio, video, text messages, photos, skype conversations, etc.that they will be collecting will be stored on serversthousands of servers. impressive. And those of us who pay taxes are footing the bill for all of it. And of course Apple, not wanting to alienate their customers, has already come out and denied giving the government access to their servers. Which is, of course, what the government has demanded they say. The governments connection to Apple's servers, according to their slide show and diagrams, is one the faster ones. The one to microsoft was faster. I guess the needed a bigger pipe to gobble up all the skype traffic. :-)Big brother is watching. And hearing. And reading. Oh my. But they stopped a terrorist act, so it's OK.

Two comparisons aren't enough - tens, hundreds, thousands? Probably enough. I'm talking about a Truecrypt volume stored on iCloud or Google Drive - each time you update it, if that traffic is peeped, you can conceivably build a picture of the bit-by-bit differences in the volume itself and thereby compromise it. Am I capable of doing that? No: however, the method is recognized.

In order for an attack like that to remotely work, aside from fact that that attack DOESNT WORK on AES, you would need to know the plaintext of EVERY volume "instance" that you captured. If you did, why on earth would you need the key?

Please dont make statements about "what should work" when you dont understand cryptography.

EDIT:I should note that Truecrypt operates at a block, not bit, level, so youre going to need to compare encrypted blocks with other encrypted blocks, which, again, doesnt work. Defeating that kind of attack is the entire point of a successful encryption algorithm.

If you are worried about SMTP stream interception, get together with people you e-mail the most and setup secure mail.

I got nothing to hide. And yet I do this. Because I would not let random people read my laptop screen in public just as much as I do not allow random people, whoever they are, remote (and surreptitious!) access to my data. It's the same damn thing. One we frown upon and the other we shrug our shoulders and say so what (corporations tracking our every move online included). What you don't know CAN hurt you.

Two comparisons aren't enough - tens, hundreds, thousands? Probably enough. I'm talking about a Truecrypt volume stored on iCloud or Google Drive - each time you update it, if that traffic is peeped, you can conceivably build a picture of the bit-by-bit differences in the volume itself and thereby compromise it. Am I capable of doing that? No: however, the method is recognized.

In order for an attack like that to remotely work, aside from fact that that attack DOESNT WORK on AES, you would need to know the plaintext of EVERY volume "instance" that you captured. If you did, why on earth would you need the key?

Please dont make statements about "what should work" when you dont understand cryptography.

EDIT:I should note that Truecrypt operates at a block, not bit, level. It isnt a streaming encryption scheme, so youre going to need to compare encrypted blocks with other encrypted blocks, which, again, doesnt work. Defeating that kind of attack is the entire point of a successful encryption algorithm.

Right you are. I stand corrected; I misunderstood the method by which the volume would be updated.

One last note: if you store a Truecrypt volume in the "cloud", it's already compromised: you can compare differences between versions and derive the keys that way, since the data is being intercepted bit-by-bit at the ISP itself..

However it is quite an extrapolation to think that the hibernate file is somehow then passed across the internet.

Then again, if the FBI can get into Google I don't see why they can't get into wherever your truecrypt cloud provider is to access the memory and do decryption. Of course they would obviously need a serious reason to go to these lengths.

I reckon it's more likely he's thinking of this - which is a weakness worth keeping in mind, but still nowhere near as bad as Panther Modern described.